Lucene search

Glpi-project Glpi 0.78.2

6 matches found

CVE
added 2013/09/23 3:49 a.m. | 120 views

CVE-2013-5696

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary...

CVSS 6.8 | AI score 8.1 | EPSS 0.6873
CVE
added 2014/05/27 3:00 p.m. | 49 views

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.

CVSS 6.4 | AI score 7.4 | EPSS 0.15509
CVE
added 2012/10/09 11:55 p.m. | 46 views

CVE-2012-4003

Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 4.3 | AI score 5.8 | EPSS 0.00256
CVE
added 2012/07/12 8:55 p.m. | 42 views

CVE-2012-1037

PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter.

CVSS 6.5 | AI score 7 | EPSS 0.00607
CVE
added 2012/10/09 11:55 p.m. | 42 views

CVE-2012-4002

Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 6.8 | AI score 7.3 | EPSS 0.002
CVE
added 2011/08/05 9:55 p.m. | 41 views

CVE-2011-2720

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.

CVSS 5 | AI score 6 | EPSS 0.01024